Adding upstream version 1:115.7.0.upstream/1%115.7.0 upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-07 17:32:43 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-07 17:32:43 +0000
commit: 6bf0a5cb5034a7e684dcc3500e841785237ce2dd (patch)
tree: a68f146d7fa01f0134297619fbe7e33db084e0aa /testing/web-platform/tests/content-security-policy/inheritance/iframe-all-local-schemes.sub.html
parent: Initial commit. (diff)
download: thunderbird-upstream.tar.xz
thunderbird-upstream.zip
1 files changed, 180 insertions, 0 deletions
diff --git a/testing/web-platform/tests/content-security-policy/inheritance/iframe-all-local-schemes.sub.html b/testing/web-platform/tests/content-security-policy/inheritance/iframe-all-local-schemes.sub.html
new file mode 100644
index 0000000000..4b787e0c18
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/inheritance/iframe-all-local-schemes.sub.html
@@ -0,0 +1,180 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<meta http-equiv="Content-Security-Policy" content="img-src 'none'">
+
+<body>
+
+<script>
+  function wait_for_error_from_frame(frame, test) {
+    window.addEventListener('message', test.step_func(e => {
+      if (e.source != frame.contentWindow)
+        return;
+      assert_equals(e.data, "error");
+      frame.remove();
+      test.done();
+    }));
+  }
+
+  function wait_for_error_from_window(opened_window, test) {
+    window.addEventListener('message', test.step_func(e => {
+      if (e.source != opened_window)
+        return;
+      assert_equals(e.data, "error");
+      opened_window.close();
+      test.done();
+    }));
+  }
+
+  async_test(t => {
+    var i = document.createElement('iframe');
+    document.body.appendChild(i);
+
+    var img = document.createElement('img');
+    img.onerror = t.step_func_done(_ => i.remove());
+    img.onload = t.unreached_func();
+    i.contentDocument.body.appendChild(img);
+    img.src = "{{location[server]}}/images/red-16x16.png";
+  }, "<iframe>'s about:blank inherits policy.");
+
+  async_test(t => {
+    var w = window.open("about:blank");
+
+    let then = t.step_func(() => {
+      then = () => {};
+      var img = w.document.createElement('img');
+      img.onerror = t.step_func_done(_ => w.close());
+      img.onload = t.unreached_func();
+      w.document.body.appendChild(img);
+      img.src = "{{location[server]}}/images/red-16x16.png";
+    });
+
+    // There are now interoperable way to wait for the initial about:blank
+    // document to load. Chrome loads it synchronously, hence we can't wait for
+    // w.onload. On the other side Firefox loads the initial empty document
+    // later and we can wait for the onload event.
+    w.onload = then;
+    setTimeout(then, 200);
+
+    // Navigations to about:blank happens synchronously. There is no need to
+    // wait for the document to load.
+  }, "window about:blank inherits policy.");
+
+  async_test(t => {
+    var i = document.createElement('iframe');
+    i.srcdoc = `
+      <img src='{{location[server]}}/images/red-16x16.png'
+        onload='window.top.postMessage("load", "*");'
+        onerror='window.top.postMessage("error", "*");'
+      >
+    `;
+
+    wait_for_error_from_frame(i, t);
+
+    document.body.appendChild(i);
+  }, "<iframe srcdoc>'s inherits policy.");
+
+  async_test(t => {
+    var i = document.createElement('iframe');
+    var b = new Blob(
+      [`
+        <img src='{{location[server]}}/images/red-16x16.png'
+          onload='window.top.postMessage("load", "*");'
+          onerror='window.top.postMessage("error", "*");'
+        >
+      `], {type:"text/html"});
+    i.src = URL.createObjectURL(b);
+
+    wait_for_error_from_frame(i, t);
+
+    document.body.appendChild(i);
+  }, "<iframe src='blob:...'>'s inherits policy.");
+
+  async_test(t => {
+    var b = new Blob(
+      [`
+        <img src='{{location[server]}}/images/red-16x16.png'
+          onload='window.opener.postMessage("load", "*");'
+          onerror='window.opener.postMessage("error", "*");'
+        >
+      `], {type:"text/html"});
+    let url = URL.createObjectURL(b);
+    var w = window.open(url);
+    wait_for_error_from_window(w, t);
+  }, "window url='blob:...' inherits policy.");
+
+  async_test(t => {
+    var i = document.createElement('iframe');
+    i.src = `data:text/html,<img src='{{location[server]}}/images/red-16x16.png'
+      onload='window.top.postMessage("load", "*");'
+      onerror='window.top.postMessage("error", "*");'
+    >`;
+
+    wait_for_error_from_frame(i, t);
+
+    document.body.appendChild(i);
+  }, "<iframe src='data:...'>'s inherits policy.");
+
+  // Opening a window toward a data-url isn't allowed anymore. Hence, it can't
+  // be tested.
+
+  async_test(t => {
+    var i = document.createElement('iframe');
+    i.src = `javascript:"<img src='{{location[server]}}/images/red-16x16.png'
+      onload='window.top.postMessage(\\"load\\", \\"*\\");'
+      onerror='window.top.postMessage(\\"error\\", \\"*\\");'
+    >"`;
+
+    wait_for_error_from_frame(i, t);
+
+    document.body.appendChild(i);
+  }, "<iframe src='javascript:...'>'s inherits policy (static <img> is blocked)");
+
+  async_test(t => {
+    let url = `javascript:"<img src='{{location[server]}}/images/red-16x16.png'
+      onload='window.opener.postMessage(\\"load\\", \\"*\\");'
+      onerror='window.opener.postMessage(\\"error\\", \\"*\\");'
+    >"`;
+
+    let w = window.open(url);
+    wait_for_error_from_window(w, t);
+  }, "window url='javascript:...'>'s inherits policy (static <img> is blocked)");
+
+  // Same as the previous javascript-URL test, but instead of loading the <img>
+  // from the new document, this one is created from the initial empty document,
+  // while evaluating the javascript-url.
+  // See https://crbug.com/1064676
+  async_test(t => {
+    let url = `javascript:
+      let img = document.createElement('img');
+      img.onload = () => window.top.postMessage('load', '*');
+      img.onerror = () => window.top.postMessage('error', '*');
+      img.src = '{{location[server]}}/images/red-16x16.png';
+      document.body.appendChild(img);
+    `;
+    var i = document.createElement('iframe');
+    i.src = encodeURI(url.replace(/\n/g, ""));
+    wait_for_error_from_frame(i, t);
+
+    document.body.appendChild(i);
+  }, "<iframe src='javascript:...'>'s inherits policy (dynamically inserted <img> is blocked)");
+
+  async_test(t => {
+    var i = document.createElement('iframe');
+    var b = new Blob(
+      [`
+        <img src='{{location[server]}}/images/red-16x16.png'
+          onload='window.top.postMessage("load", "*");'
+          onerror='window.top.postMessage("error", "*");'
+        >
+      `], {type:"text/html"});
+    i.src = URL.createObjectURL(b);
+    i.sandbox = 'allow-scripts';
+
+    wait_for_error_from_frame(i, t);
+
+    document.body.appendChild(i);
+  }, "<iframe sandbox src='blob:...'>'s inherits policy. (opaque origin sandbox)");
+
+</script>
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-07 17:32:43 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-07 17:32:43 +0000
commit	6bf0a5cb5034a7e684dcc3500e841785237ce2dd (patch)
tree	a68f146d7fa01f0134297619fbe7e33db084e0aa /testing/web-platform/tests/content-security-policy/inheritance/iframe-all-local-schemes.sub.html
parent	Initial commit. (diff)
download	thunderbird-upstream.tar.xz thunderbird-upstream.zip